Summary

News

About

George Mason University is a National Center of Academic Excellence in Cybersecurity (NCAE-C). It is one of the National Security Agency’s original Centers of Academic Excellence in Information Assurance Education (CAE-IAE), later rebranded as CAE in Cyber Defense (CAE-CD).  In 2008, NSA established a new designation, the National Centers of Academic Excellence in Information Assurance Research (CAE-R), later rebranded as CAE in Cyber Research, a designation that Mason earned for the cutting-edge research being conducted at CSIS.  Mason is designated for both CAE-CD and CAE-R through 2021, and is currently undergoing redesignation.

The NACE-C validated cybersecurity Program of Study (PoS) offered by Mason is the BS in Information Technology (BS IT) with concentration in Cyber Security. The program is offered by the Department of Information Sciences and Technology (IST), and is regularly updated based on recommendations from the IST Industry Advisory Board.

National Center of Academic Excellence in Cybersecurity (NCAE-C)

George Mason University is a National Center of Academic Excellence in Cybersecurity (NCAE-C). It is one of the National Security Agency’s original Centers of Academic Excellence in Information Assurance Education (CAE-IAE), later rebranded as CAE in Cyber Defense (CAE-CD).  In 2008, NSA established a new designation, the National Centers of Academic Excellence in Information Assurance Research (CAE-R), later rebranded as CAE in Cyber Research, a designation that Mason earned for the cutting-edge research being conducted at CSIS.  Mason is designated for both CAE-CD and CAE-R through 2021, and is currently undergoing redesignation.

The NACE-C validated cybersecurity Program of Study (PoS) offered by Mason is the BS in Information Technology (BS IT) with concentration in Cyber Security. The program is offered by the Department of Information Sciences and Technology (IST), and is regularly updated based on recommendations from the IST Industry Advisory Board.

Security Resources at Mason

The IT Security Office provides computer users and system administrators with the tools and information they need to secure their systems.

• IT Security Standards
• Security Best Practices
• Phishing
• Security Liaisons
• System Admin Resources
• Highly Sensitive Data
• Computer Security Incident Response Team (CSIRT)
• System Administrator Leadership Team (SALT)
• Computers & Software

Student Competitions

Mason holds multiple competitions that provide opportunities for students and alumni in various disciplines, including cyber security, to gain firsthand experience in the world of entrepreneurship. A list of current competitions managed by the Office of Entrepreneurship and Innovation can be found at https://startup.gmu.edu/competitions. Mason also runs a Three-Minute Thesis competition to help students distill research into short, accessible pitches and various hackathons.

Government Sponsors

Army Research Office	Air force Office of Scientific Research	Air Force Research Laboratory
National Science Foundation	National Security Agency	IARPA
DARPA	National Institute of Standards and Technology	Office of Naval Research

Corporate Sponsors

MITRE Corporation	Northrop Grumman Corporation	MBL Technologies

DoD Cybersecurity Scholarship Program

DoD Cybersecurity Scholarship Program

The Center for Secure Information System and the Department of Information Sciences and Technology are soliciting applications for the 2023-2024 Department of Defense (DoD) Cyber Scholarship Program (CySP). The Department of Defense will provide students selected as Cyber Scholars with a full-ride scholarship including the following benefits:

• Full cost of tuition and books
• Required fees (including health care for PhD students)
• A laptop, which the student can keep upon termination of the scholarship period
• A stipend of $27,000 for undergraduate students and $32,000 for graduate (Master’s abd PhD) students
• Internship opportunities and guaranteed employment with a DoD agency upon graduation

Students falling into one of the following categories may apply:

• Juniors, Seniors pursuing a Bachelor’s degree (Sophomores promoting to a Junior in Fall 2023 are eligible to apply)
• Students in their first or second year of a Master’s degree
• Students pursuing doctoral degrees

Applicants must meet the following requirements to be eligible:

• Must be 18 years of age or older
• Must be a citizen of the United States at the time of application
• Must be enrolled (or accepted for enrollment) at George Mason University for the 2023-2024 academic year
• Must be pursuing a course of study and/or have a declared major in one of the scientific, technical, or managerial disciplines related to cyber or with a concentration in cybersecurity
• Must have a 3.2 GPA (undergraduate) or a 3.5 GPA (graduate), or an analogous rank based on a comparable scale
• Must be able to obtain a security clearance (but not required to obtain security clearance before applying)
• Must agree to work for the DoD, after graduation, as a civilian employee for one calendar year for each academic year for which financial assistance (scholarship) is received

Student Application Preparation Instructions

New Students and Returning Students who Applied Online in 2022

• Students who are applying to CySP for the first time are considered New Recruitment Students and must use the new DoD CySP online application tool. Returning DoD CySP Scholars who applied through the tool in 2022 will log-in to their original account and upload the required documents.
  • See the DoD Cyber Scholarship Application Quick Start Guide
• Applications missing any required documents will automatically be disqualified.
• Students who are currently receiving funds from another scholarship program or who have a service obligation upon graduation are not eligible to apply for the DoD CySP.
• Anticipated Final Graduation Date is for the degree program you are applying for scholarship support. Any applications that indicates a graduation date of January through September of the current year will not be eligible.
• Transcripts. An official transcript is the institution’s certified statement of the student’s academic record. The official paper transcript is printed on security sensitive paper and contains the intuition’s seal as well as a signature of the institution’s registrar. An official electronic transcript is a PDF secured by a digital signature, which is displayed at the top of the transcript; sometimes they will include a blue ribbon.
• Students should not attach copies or pictures of social security cards, driver’s licenses, passports, military identification, credit cards, degrees, certificates, and any other type of personally identifiable information.
• Letters of Recommendation should be a PDF copy of the original version uploaded through the new application tool. Letters should be on official company/institution letterhead, include the contact information to confirm the letter is valid (full name, mailing address, phone number, email address) and must be signed by the author. Applicants should instruct the author to save the letter as a PDF with the file name CySP2023_STUDENT LAST NAME_George Mason University (e.g., CySP2023_SMITH_George Mason University). Recommendations written in the body of an email or emailed by the applicant will not be accepted. The author will email the letter directly to the DoD CySP Program Office at AskCySP@nsa.gov. One letter must be from a current faculty member who is fully knowledgeable of the applicant’s potential for successful learning, knowledge, and ability. Applicants will provide the contact information for the author of the letter. New students must be submit two letters. The second letter can be from either a current or former faculty member, or a current or former supervisor. Returning students need to submit only one letter.
• Traditional resumes will not be submitted. The new DoD CySP application tool will prompt students to fill in the required resume information. Students will be asked to provide the following:
  • Education: degrees, institution, location, date of graduation (or expected date of graduation), major/minor fields, GPA.
  • Experience: jobs, internships, and/or volunteer work, including: (i) name of company, position, and dates employed; (ii) at least three important tasks, accomplishments, or skills gained at each job; (iii) any clearance level held; (iv) number of hours per week worked.
  • Skills: computer systems, software, foreign languages, certifications, clearance levels held, any other relevant skill.
• Paper applications for new students will not be accepted.
• Students are responsible for submitting a complete application through the new application tool by 11:59 PM EST on February 1, 2023. Students will not have access to the application on February 2, 2023.

Returning Students who Applied via Paper Forms in 2022

• Current DoD CySP Scholars who used paper applications in 2022 and are reapplying for additional years of support will continue to use the paper copy application form provided by the DoD CySP Program Office.
• The application will consist of
  • DoD CySP Returning Student Application Form (5 pages)
  • Official Transcripts
  • Resume
  • One Letter of Reference
• Current DoD CySP Scholars should save their application as a single PDF (no PDF portfolios) including all documents in the order specified above and provide it to Dr. Albanese (malbanes@gmu.edu) by February 1, 2023. Students should use the following naming structure to save their PDF: LASTNAME_FirstName_George_Mason_University_Returning.PDF. Applicants must deliver original paper transcripts in their sealed envelopes to the Department of Information Science Technology, 5400 Nguyen Engineering Building, MS 1G8, George Mason University, Fairfax, VA 22030, (Attn. Dr. Albanese) either by mail or in person. The Department of Defense needs to verify that the transcripts are not counterfeit. We recommend that applicants obtain multiple copies of their transcripts. They can deliver a sealed copy to us, and use another copy to scan it for inclusion in the PDF document.

We encourage students to submit their applications as early as possible and to contact us to receive feedback as they assemble their application materials.

For additional information, see the Attachment C: DoD CySP Application Background and Requirements.

Virginia Cyber Navigator Internship Program

Information about the Program

The Virginia Cyber Navigator Internship Program (VA-CNIP) is managed by a coalition of Commonwealth of Virginia Universities and Colleges partnering with the Virginia Department of Elections and industry to educate students about protecting critical infrastructure including our election and voting systems. The university network is led by the University of Virginia and includes George Mason University, Norfolk State University, Old Dominion University, Virginia Commonwealth University, and Virginia Tech.

VA-CNIP interns provide cybersecurity support services to local election offices in Virginia during a 10-week paid internship. The program was estabilished in the 2021-2022 Academic Year and the first cohort of VA-CNIP interns supported 14 Virginia localities in Summer 2022.The program includes a 2-day kickoff meeting at the University of Virginia in Charlottesville and 10 weeks of hybrid in-person and remote activities during the summer.

It is expected that students will be able to work remotely, however we do expect students to have occasional face-to-face meetings with their assigned locality supervisor. Students will also be assigned academic mentors to facilitate their learning experience.

VA-CNIP interns will receive an $8,000 stipend for a 10-week, 30 hours per week engagement with a Virginia local election office, plus additional $1,000 for travel-related expenses.

Requirements

• You must have completed IT 425 Election Security with a grade of A- or better. If you are enrolled in IT 425 at the time of application but have not yet completed the course, you may receive a provisional acceptance decision, contingent to successful completion of IT 425. The course will be offered in Fall 2022 and Spring 2023.
• You must be able to legally work for the University, but U.S. citizenship is not required.
• You must possess strong written and verbal communication skills, as you will be interacting with local election officials.

How to Apply

Complete the application form and submit the following documents:

• Resume: include details about any prior internships.
• Cover Letter with Statement of Interest: explain why you are interested in this internship program.
• Unofficial Mason Transcripts: if transferred from another institution, also include transcripts from that institution.

We will accept applications on a rolling basis, but priority will be given to applications received by January 31, 2023. For questions, please contact Dr. Massimiliano Albanese.

Internship and Scholarship Opportunities

Future Computing Summer Internship at the National Security Agency

Launching for the first time in the summer of 2022, the Advanced Computing Systems Research Program (ACS) in the NSA Research Directorate is partnering with their counterparts in the High Performance Computing and Operations organizations to provide a select number of students a tremendous internship opportunity. ACS is part of the Laboratory for Physical Sciences, and is located in the Research Park building complex next to the University of Maryland, Baltimore County (UMBC).

Working with technical peers from other universities as part of a small team, interns will conduct hands on technical work on projects important to NSA computing experts. Under their mentorship, and using the same HPC systems as ACS researchers, interns will learn about these projects and HPC by collaborating on a specific exploration. At the end of the internship, the students will present the results of their work, and write a technical paper documenting their results.

The internship experience will include valuable training to prepare students for the summer project, seminars on current NSA research projects, ‘living the HPC life’ at NSA, and field trips to a variety of labs and other facilities. Along the way, interns will learn about the NSA mission and career opportunities, with ample time to engage with their peers, mentors and a diverse set of speakers and attendees.

This internship experience is designed for students who will be completing their junior year (Spring 2023 graduates), and is well-suited for math, computer science, and computer engineering students. However, others are welcome to apply (please note, only US citizens are eligible to participate).

For more information and to apply, visit https://www.lps.umd.edu/future-computing-summer-internship/

People

Faculty and Staff

Center Leadership

Director. Sushil Jajodia
Associate Directors. Massimiliano Albanese and Kun Sun

Sushil Jajodia, Ph.D.
Professor & Director
Sushil Jajodia is University Professor, BDM International Professor, and the founding director of Center for Secure Information Systems in the College of Engineering and Computing at the George Mason University, Fairfax, Virginia. He is also the director of the NSF IUCRC Center for Cybersecurity Analytics and Automation (CCAA).

Dr. Jajodia has made research contributions to diverse aspects of security and privacy, including access control, multilevel secure databases, vulnerability analysis, moving target defense, cloud security, and steganography, as well as replicated and temporal databases and algebraic topology.  He has authored or coauthored seven books, edited 53 books and conference proceedings, and published more than 500 technical papers in the refereed journals and conference proceedings.  He is also a holder of 28 patents, 17 of which have been licensed by successful startups.  He is a fellow of ACM, IEEE, and IFIP; and recipient of numerous awards including the IEEE Computer Society W. Wallace McDowell Award.  According to the Google Scholar, he has over 50,000 citations and his h-index is 112.  He has supervised 27 doctoral dissertations; thirteen of these graduates hold academic positions while rest are in successful industrial positions.

Web: http://csis.gmu.edu/jajodia

Massimiliano Albanese, Ph.D.
Associate Professor & Associate Director

Massimiliano Albanese is an Associate Professor in the Department of Information Sciences and Technology, and the Center’s Associate Director.

Dr. Albanese holds a Ph.D. degree in Computer Science and Engineering from the University of Naples Federico II. He joined the University of Maryland in 2006 as a Faculty Research Assistant before joining George Mason University in 2011. At George Mason University, Dr. Albanese’s research interests have focused on Modeling and Detection of Cyber Attack, Network Hardening, Moving Target Defense, and Adaptive Cyber Defense. He is Co-PI o PI on funded projects totaling about $9.5M. Dr. Albanese holds a U.S. Patent and has co-authored a book and over 60 papers in refereed journals and conference proceedings. He is one of the three recipients of the 2014 Mason Emerging Researcher/Scholar/Creator Award, one of the most prestigious honors at Mason.

Web: http://csis.gmu.edu/albanese

Kun Sun, Ph.D.
Professor & Associate Director

Kun Sun is a Professor in the Department of Information Sciences and Technology. He is the Associate Director of CSIS. He is also the director of Sun Security Laboratory (https://sunlab-gmu.github.io/). Kun Sun received his Ph.D. from the Department of Computer Science at North Carolina State University. He has more than 15 years of working experience in both industry and academia. His research focuses on systems and network security. The main thrusts of his research include trusted computing systems, moving target defense, software security, Internet security, AI/ML security, and cloud security. He published over 130 technical papers on security conferences and journals including IEEE S&P, ACM CCS, USENIX Security, NDSS, RAID, ACSAC, IEEE DSN, ESORICS, IEEE TDSC, and IEEE TIFS, and two papers won the Best Paper Award. He was recognized by George Mason University with the Presidential Award for Faculty Excellence in Research in 2022.

Web: http://csis.gmu.edu/ksun

Xiaonan Guo, Ph.D.
Assistant Professor

Xiaonan Guo is an Assistant Professor in the Department of Information Science and Technology at George Mason University. Before joining George Mason University, he was an Assistant Professor in the Department of Computer Information Technology at Indiana University-Purdue University, Indianapolis. Dr. Xiaonan Guo was a post-doctoral researcher in the Department of Electrical & Computer Engineering at Stevens Institute of Technology. Xiaonan received his Ph.D. degree in Computer Science from Hong Kong University of Science and Technology. His research focuses on security and privacy in cyber-physical systems, security in mobile devices, IoT, mobile sensing and mobile healthcare, and machine learning and large data analysis for mobile computing. His research has been funded by NSF and has been recognized by awards, including ACM ASIACCS’16 Best Paper Award, EAI Healthy IoT’19 Best Paper Award, IEEE ICCCN’22 Best Paper Award Runner-up.

Web: https://mason.gmu.edu/~xguo8/

Emanuela Marasco, Ph.D.
Assistant Professor 

Emanuela Marasco is an Assistant Professor in the Department of Information Sciences and Technology. Before joining George Mason University, she was an Adjunct Professor and a Post-doctoral Researcher in Pattern Recognition and Biometrics at the University of North Carolina Charlotte, Department of Computer Science. From 2011-2014, Dr. Marasco was a post-doctoral Associate Researcher in the Lane Department of Computer Science and Electrical Engineering, West Virginia University. She received a five-year degree (Bachelor and M.Sc.) in Computer Engineering, in March 2006, and a PhD in Computer and Automation Engineering, in December 2010, both from the University of Naples Federico II, Italy.  Her research interests focus on pattern recognition, machine learning, image processing, computer vision, and biometrics. Specifically, she is addressing vulnerabilities and challenges of biometric systems through design and development of: (1) anti-spoofing countermeasures in fingerprint recognition systems, (2) algorithms for automatic enhancement of fingerprint sensor interoperability to maintain data independence from underlying device, (3) image de-identification techniques for privacy enhancement, (4) automatic estimation of soft biometrics (e.g., age, gender) from fingerprints, and (5) adaptive schemes for human identification based on degraded DNA samples. her current sponsors are NSF, DHS and DARPA.

Web: https://sites.google.com/view/emanuelamarasco/

Jianli Pan, Ph.D.
Associate Professor  

Dr. Jianli Pan is currently a tenured associate professor in the Department of Information Science and Technology at George Mason University. Previously, he was a tenured associate professor in the Department of Computer Science at the University of Missouri, St. Louis (UMSL). He obtained his Ph.D. in computer engineering from the Department of Computer Science and Engineering at Washington University in Saint Louis. Dr. Pan’s research interests broadly cover Internet of Things (IoT), edge/cloud computing, machine learning, cybersecurity, and blockchain. Dr. Pan co-authored over 60 peer-reviewed publications in high-impact journals and prestigious international conferences. His research has been funded by multiple agencies such as NSF, NSA, and NASA. Dr. Pan received 2020 “Inventor of the Year” award from the Metropolitan Saint Louis Area Bar Association and 2021 “Innovator of the Year” award from UMSL for his innovation in secure IoT systems. He also received 2018 “Junior Faculty of the Year” award and multiple “Outstanding Research” awards from UMSL for his research and contributions.

Web: https://mason.gmu.edu/~jpan22/

Sadegh Torabi, Ph.D.
Assistant Professor

Sadegh Torabi is an Assistant Professor at Department of Information Science and Technology (IST), School of Computing, at George Mason University. Sadegh is also a Research Fellow at the Center for Secure Information Systems (CSIS) at George Mason University, Fairfax, VA, USA. Sadegh’s research interests are in the areas of Internet measurements, network/systems security, usable security/privacy, and operational cyber security including the security of Internet of Things (IoT) and Cyber-Physical Systems (CPS).

Sadegh received his Ph.D. degree in Information Systems Engineering (with Outstanding Ranking) from Concordia University, Montreal, Canada. He also received his M.Sc. from the Electrical and Computer Engineering Department at University of British Columbia (UBC), Vancouver, Canada. During his Ph.D., Sadegh was a member of the Security Research Centre at Concordia University, where he received several awards and scholarships such as the Abdul-Aziz Hariri Graduate Scholarship in Cyber Security and the Carolyn and Brian Neysmith Graduate Scholarship.

Web: http://mason.gmu.edu/~storabi

Zhisheng Yan, Ph.D.
Assistant Professor

Zhisheng Yan is an Assistant Professor in the Department of Information Science and Technology, School of Computing, at George Mason University. He leads the Mason immErsive meDia computIng and Applications Lab (MEDIA Lab). Previously, he was an Assistant Professor in the Department of Computer Science at Georgia State University and a visiting researcher in the Department of Electrical Engineering at Stanford University.

Yan received his Ph.D. degree in Computer Science and Engineering from University at Buffalo, The State University of New York. His research focuses on the systems and security issues of immersive computing systems, such as VR, AR, imaging, and video systems. His research has been recognized by several awards, including NSF CRII Award, ACM SIGMM Best PhD Thesis Award, University at Buffalo CSE Best Dissertation Award, ACM HotMobile’18 Best Demo Award, and IEEE HealthCom’14 Best Student Paper Runner-up.

Web: https://mason.gmu.edu/~zyan4/

Lei Yang, Ph.D.
Assistant Professor

Lei Yang is currently an Assistant Professor in the Department of Information Sciences and Technology at George Mason University. Before that, she was an Assistant Professor in the Department of Electrical and Computer Engineering at the University of New Mexico. She received her Ph.D. degree and BE degree in 2019 and 2013, respectively, from Chongqing University, China. She was a Post-Doctoral Research Associate in the Department of Computer Science and Engineering at the University of Notre Dame.

Dr. Yang’s primary research interests lie in the joint area of Hardware/Software Co-Exploration for Neural Network Architectures, Embedded Systems, and High-Performance Computing. She is passionate about Automated Machine Learning, and System-Level Design and Optimization for Applied Machine Learning. She has authored and co-authored more than 50 research articles in refereed international conferences and premier journals. Her research has been recognized by several awards, including IEEE TCAD for the 2021 Donald O. Pederson Best Paper Award and Best Paper Award in ICCD 2017, and five Best Paper Nominations in ASP-DAC 2016/2019/2020, CODES+ISSS 2019, and DAC 2019.

Web: https://leiyang0416.github.io/ 

Marcos Zampieri, Ph.D.
Assistant Professor

Marcos Zampieri is an assistant professor in the Department of Information Sciences and Technology, School of Computing, at George Mason University. He received his PhD degree from Saarland University where he was a research associate at the German Research Center in Artificial Intelligence (DFKI). His research interests are in computational linguistics and natural language processing (NLP).

Dr. Zampieri’s research deals with the collection and processing of large bodies of texts with the goal of training robust NLP systems. Dr. Zampieri has published over 100 peer-reviewed papers in journals and conference proceedings and he has co-edited a dozen edited volumes, journal special issues, and workshop proceedings.

Web: https://mzampieri.com/

Rajesh Ganesan, Ph.D.
Associate Professor

Rajesh Ganesan is an Associate Professor in the Department of Systems Engineering and Operations Research. Dr. Ganesan received his Ph.D. degree in Industrial and Management Systems Engineering from the University of South Florida in 2005. His current research interests are in stochastic optimization (dynamic resource allocation using approximate dynamic programming), quality and statistics (feature detection and function approximation in high-dimensional data), and enginering education in K-12.

Web: http://mason.gmu.edu/~rganesan/

Hemant Purohit, Ph.D.
Associate Professor

Dr. Purohit is an Assistant Professor in the Department of Information Sciences and Technology. He received his Ph.D. degree in Computer Science and Engineering from Wright State University in Ohio in 2015, while also working at the Ohio Center of Excellence in Knowledge-enabled Computing before joining Mason. His current research interests are focused on addressing the fundamental problem of information overload from large-scale offline and online information sources for an individual, by modeling behavior of intentionality and comprehension using semantic computing, text mining, and applied machine learning approaches.

Web: http://ist.gmu.edu/~hpurohit
Janet DuBose
Administrative Assistant
Janet joined the Center in January 2019 after a sales career with Bloomberg Industry Group. She manages the operations of our unit and provides support to our faculty members, research students and visiting scholars.

Students and Postdocs

Current Students

PhD Students

• Amir Alipour-Fanid
• May Alotaibi 
• Monireh Dabaghchian
• Ibifubara Iganibo
• Long Jiao
• Prakruthi Karuna 
• Yue Li
• Songsong Liu
• Luan (Keith) Pham 
• Ankit Shah
• Jianhua Sun
• Shengye Wan
• Xinda Wang
• Hengrun Zhang

Visiting PhD Students

• Jie Tang
• Pu Wang

Master Students

• Nagaswaroop Kengunte Nagaraj 
• Shreya Nagesh

Undergraduate Students

• Stefany Cando
• Christopher Coleman
• Bea David 
• Vu Nguyen
• Kathryn Zurowski

Current Postdocs

• Ning Wang

Past Students

PhD Students

• Warren Connell, 2017
  • Thesis: A Quantitative Framework for Cyber Moving Target Defenses
  • Current employment: U.S. Air Force
• Sridhar Venkatesan, 2017 
  • Thesis: Adaptive Cyber Defenses to Mitigate Botnet-Borne Threats
  • Current employment: Research Scientist, Vencore Labs
• Mohammad Abusalim, Saudia Arabia
• Vijayalakshmi Atluri, Rutgers University (Recipient NSF Career Award)
• R. Chandramouli, NIST
• Shiping Chen, Sybase
• Bob Eek, SAIC
• Csilla Farkas, University of South Carolina (Recipient NSF Career Award)
• Rajni Goel, Howard University
• Neil Johnson, Booz Allen Hamilton
• Katrin Khojasteh, World Bank
• Meixing Le, Cisco Systems
• Yingjiu Li, Singapore Management University
• Peng Liu, Pennsylvania State University (Recipient DoE Young Investigator Award)
• Don Marks, University of Tulsa
• Michael Martin, The MITRE Corporation
• John McDermott, Naval Research Laboratory
• Peng Ning, North Carolina State University (Recipient NSF Career Award)
• Joseph Pamula, Enterasys, Inc.
• Indrajit Ray, Colorado State University
• Indrakshi Ray, Colorado State University
• Sankardas Roy, Kansas State University
• Hemant Sengar, Nuvox Communications
• Lingyu Wang, Concordia University
• Ningning Wu, University of Arkansas, Little Rock
• Jackie Yang, SAIC
• Chao Yao, Bloomberg
• Lei Zhang, Google
• Sencun Zhu, Pennsylvania State University (Recipient NSF Career Award)

Visiting PhD Students

• Damon Paulo, U.S. Military Academy, USA
• Ermanno Battista, University of Naples Federico II, Italy
• Alessandra De Benedictis, University of Naples Federico II, Italy
• Ravi Jhawar, University of Milan, Italy

Undergraduate Students

• Daniel Jacobson
• Alexander Englander
• William Wang

Visiting Scholars

CSIS regularly hosts visiting scholars from both national and international universities.

Recurring Visitors

• Pierangela Samarati, University of Milan, Italy
• Vincenzo Piuri, University of Milan, Italy
• Sabrina De Capitani di Vimercati, University of Milan, Italy
• Sara Foresti, University of Milan, Italy
• Giovanni Livraga, University of Milan, Italy

Past Visitors

• Witold Litwin, University Paris 9 Dauphine, France
• Claudio Agostino Ardagna, University of Milan, Italy
• Claudio Bettini, University of Milan, Italy
• Sergio Mascetti, University of Milan, Italy
• Dario Freni, University of Milan, Italy
• Chandan Mazumdar, Jadavpur University, Kolkata, India
• Allan J. Sieradski, University of Oregon, Eugene
• Vijay Varadharajan, Macquarie University, Australia
• Alessandro Mei, University of Rome “La Sapienza”, Italy
• Mauro Conti, University of Rome “La Sapienza”, Italy
• Valentina Casola, University of Naples Federico II, Italy
• Cristian Molinaro, University of Calabria, Italy
• Lingyu Wang, Concordia University, Canada

Research

Document Generation

Generating Documents that are Consistent with a Knowledge Base
A DoD Multidisciplinary University Research Initiative (MURI) Project Sponsored by the Office of Naval Research
2018 – 2023

Pricipal Investigator
Sushil Jajodia, George Mason University

Other Team Members

V. S. Subrahmanian, Dartmouth College
Philip Resnik, University of Maryland, College Park
Noah Smith and Hannaneh Hajishirzi, University of Washington
Project Description

There is a growing need for the US government and for US companies to understand the content of the documents within their own enterprises so that they can better protect the military secrets, intellectual property, personal information, financial information, and business plans contained therein. Such data within organizations is scattered within reports, presentations, spreadsheets, and more. The goal of this project is to develop the computational and mathematical foundations required to automatically understand technical documents and use an algebra of document manipulation operators to generate a collection of new documents that are consistent with the history.

Adaptive Cyber Defense

Adversarial and Uncertain Reasoning for Adaptive Cyber Defense: Building the Scientific Foundations

A DoD Multidisciplinary University Research Initiative (MURI) Project
Sponsored by the Army Research Office
2013 – 2018

PRINCIPAL INVESTIGATORS:
Sushil Jajodia and Massimilano Albanese
George Mason University
OTHER TEAM MEMBERS:
George Cybenko
Dartmouth College
Michael P. Wellman, Satinder Singh Baveja, Demosthenis Teneketziz
University of Michigan
Peng Liu, Minghui Zhu
Pennsylvania State University

Today’s cyber defenses are largely static. They are governed by slow deliberative processes involving testing, security patch deployment, and human-in-the-loop monitoring. As a result, adversaries can systematically probe target networks, pre-plan their attacks, and ultimately persist for long times inside compromised networks and hosts.

This project will develop a new class of technologies called Adaptive Cyber Defense (ACD) that will force adversaries to continually re-assess, re-engineer and re-launch their cyber attacks. ACD presents adversaries with optimized and dynamically changing attack surfaces and system configurations, thereby significantly increasing the attacker’s workloads and decreasing their probabilities of success.

ACD technology builds on two active but heretofore separate research areas: Adaptation Techniques and Adversarial Reasoning. Research in Adaptation Techniques (AT) has provided a rich repertoire of methods for introducing diversity and uncertainty into networks, applications, and hosts. However, the criteria for deciding where, when, and how to best employ available AT options have been outside the main body of AT research. Such management decisions are complex due to the performance and security tradeoffs inherent in AT approaches. To address such challenges, this project will harness a broad array of Adversarial Reasoning (AR) techniques to identify effective and stable strategies for deploying AT options in operational systems. AR combines machine learning, behavioral science, control theory, and game theory to address the goal of computing effective strategies in dynamic, adversarial environments.

Similar system adaptation techniques have already shown remarkable success in non-adversarial scenarios like mobility adaptive MANETs. However, those adaptation approaches assume stationary and stochastic, but non-adversarial, environments. Situations with intelligent peer adversaries operating in and changing a networked environment produce dynamic behaviors that violate these assumptions, potentially defeating these adaptations.

This coherent and focused research effort will yield: (a) scientific and engineering principles that enable effective Adaptive Cyber Defense, and (b) prototypes and demonstrations of technologies embodying these principles in defense-based scenarios, possibly in national cyber testbeds.

Automated Security Response

ASSERT: Automated Security System Event Response Techniques

Sponsored by the Office of Naval Research

December 2014 — December 2017

Principal Investigators
Sushil Jajodia, George Mason University
V.S. Subrahmanian, University of Maryland College Park
Project Description

Today’s cyber-security analysts (CSAs) suffer from an over-abundance of false positives which continuously interrupt their normal operations, leading to several inefficiencies. First, CSAs distrust the accuracy of security alert mechanisms, leading them to manually assess threats which is impossible to do well because of the high rate of alerts. Second, because of high false positive threat alert mechanisms, CSAs are diverted by noise from real threats which stay “hidden” within the plethora of false alerts. In our ASSERT project, we propose to develop the fundamental theory required to (i) develop a database of alerts and their eventual classification as real vs. false positives and the context in which those alerts were generated, (ii) develop the methods needed to build a human-understandable probabilistic rule model that distinguishes between alerts that are real vs. those that are false positives, (iii) develop a statistical predictive logic that is good at predictive classification of alerts as real vs. false positives which may be less understandable than the methods in (ii), and finally (iv) develop a hybrid logic that brings together both the power of explainable, human-understandable alert explanation and action logic, together with the power of statistical methods so as to get the best of both worlds. Our ASSERT project will propose different methods to implement these techniques and assess them on both synthetic and real-world data.

Cyber Situation Awareness

Computer-aided Human Centric Cyber Situation Awareness

A DoD Multidisciplinary University Research Initiative (MURI) Project
Sponsored by Army Research Office
2009 – 2014

PRINCIPAL INVESTIGATORS:
Sushil Jajodia and Massimilano Albanese
George Mason University

OTHER TEAM MEMBERS:
Peng Liu, John Yen, Mike McNeese, Dave Hall
Pennsylvania State University
Nancy Cooke
Arizona State University
Coty Gonzalez
Carnegie Mellon University
Peng Ning, Michael Young
North Carolina State University
V.S. Subrahmanian
University of Maryland

Today, when a security incident occurs, the top three questions security administrators would ask are in essence: What has happened? Why did it happen? What should I do?  Answers to the first two questions form the core of Cyber Situational Awareness. Whether the last question can be satisfactorily answered is greatly dependent upon the cyber situational awareness capability of an enterprise.

A variety of computer and network security research topics (especially some systems security topics) belong to or touch the scope of Cyber Situational Awareness. However, the Cyber Situational Awareness capability of an enterprise is still very limited for several reasons:

• Inaccurate and incomplete vulnerability analysis, intrusion detection, and forensics.
• Lack of capability to monitor certain microscopic system/attack behavior.
• Limited capability to transform/fuse/distill information into cyber intelligence.
• Limited capability to handle uncertainty.
• Existing system designs are not very “friendly” to Cyber Situational Awareness.

The goal of this project is to explore ways to elevate the Cyber Situational Awareness capability of an enterprise to the next level by measures such as developing holistic Cyber Situational Awareness approaches and evolving existing system designs into new systems that can achieve self-awareness.

Configuration Analytics and Automation

/UCRC: Collaborative Research: Center for Configuration Analytics and Automation (CCAA)
Sponsored by NSF I/UCRC Program
06/01/2013-05/31/2018
Pricipal Investigator
Sushil Jajodia
Center for Secure Information Systems
George Mason University

UNIVERSITY PARTNER
Ehab Al-Shaer
University of North Carolina, Charlotte

Configuration complexity imposes a heavy burden on both regular users and experienced administrators. This complexity dramatically reduces overall effectiveness of operational management and network assurability. A report from the Center for Strategic and International Studies “Securing Cyberspace for the 44th Presidency” in December 2008 states that “inappropriate or incorrect security configurations were responsible for 80% of United States Air Force vulnerabilities”. A Juniper Networks report “What is Behind Network Downtime?” states that “human error is blamed for 50 to 80 percent of network outages”. It has been widely reported that the cost of system management has been growing exponentially over years due to increasing complexity of system management including security configuration. It has also been stated in that “more than 40% of the total IT budget of a $1 billion-plus company going to human labor and IT operations accounting for 80% to 90% of the budget”. Moreover, the complexity of future systems and the potential of misconfiguration is likely to increase significantly as the technology progresses toward “smart” cyber infrastructure and “open” configurable platforms (e.g., OpenFlow and virtual cloud computing). As a result large enterprise organizations, product/services providers and government organizations all have interest in this common problem. A recent cyber strategy white paper sponsored by the Department of Homeland Security for cybersecurity stated, “Automation is one of the three interdependent building blocks of a healthy cyber ecosystem, along with interoperability and authentication.”

Government agencies, critical infrastructure providers, large private or public enterprises, daily must deal with the complexity of managing the configuration of an entire array of products and services that make up their IT infrastructure.  Thus, today’s and tomorrow’s complex network of information systems used by large enterprises can no longer be managed by disparate ‘handcrafted solutions’ and manual processes. Configuration analytics and automation techniques and tools must be developed and adopted to automate the entire IT configuration management cycle including defining, abstraction, synthesis, refinement, verification, validation, testing, debugging, optimization, tuning, and evaluation in order to verify, measure/assess and improve the system assurability (availability and QoS), security (trustworthiness), and sustainability (dependability) of current and future IT services and infrastructures.

This grant from NSF has permitted the Universities (University of North Carolina Charlotte, and George Mason University) to establish this center, start engaging with industry and government partners, and grow this momentum of research innovation and education in this critical area.

The CCAA vision is to provide research for improved configuration analytics and automation capabilities and their integration for efficient, accurate and timely operations, management and defense of complex networked information technology (IT) systems and environments. The goal of the Center of Configurations Analytics  and Automation (CCAA) is to build the critical mass of inter-disciplinary academic and industry partnership for addressing the current and future challenges of configuration analytics and automation to improve enterprise IT system and service manageability, performance, assurability, security and sustainability; and applying innovative analytics and automation to complex networked systems including: enterprise networking of clouds and data centers, software defined networking, hybrid and cyber-physical systems, smart critical infrastructures, mission-oriented networks (sensor-actuator networks), virtual overlays, social networks and mobile systems.

For more information about CCAA, please visit http://ccaa.gmu.edu/.

Publications

See website for more older publications

Recent Publications

2023

2022

2021

2020